SCSI-based storage area network having a SCSI router that routes traffic between SCSI and IP networks

ABSTRACT

A system and method for accessing Storage Area Networks over an IP network. A SCSI request is generated and encapsulated in one or more IP packets. The encapsulated SCSI request is routed over an IP network and received by a storage router. The storage router extracts the SCSI request from the one or more IP packets and routes the extracted SCSI request through a virtual SCSI router to the storage area network.

COPYRIGHT NOTICE/PERMISSION

A portion of the disclosure of this patent document contains materialthat is subject to copyright protection. The copyright owner has noobjection to the facsimile reproduction by anyone of the patent documentor the patent disclosure as it appears in the Patent and TrademarkOffice patent file or records, but otherwise reserves all copyrightrights whatsoever. The following notice applies to the drawings, thesoftware descriptions/examples, and data as described below: Copyright ©2001–2002, Cisco Systems, Inc., All Rights Reserved.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is related to the following co-pending, commonlyassigned U.S. patent applications:

Application Ser. No. 10/122,401, filed Apr. 11, 2002, entitled “METHODAND APPARATUS FOR SUPPORTING COMMUNICATIONS BETWEEN NODES OPERATING IN AMASTER-SLAVE CONFIGURATION”, which is a continuation of application Ser.No. 09/949,182, filed Sep. 7, 2001, entitled “METHOD AND APPARATUS FORSUPPORTING COMMUNICATIONS BETWEEN NODES OPERATING IN A MASTER-SLAVECONFIGURATION”; application Ser. No. 10/094,552, filed Mar. 7, 2002,entitled “METHOD AND APPARATUS FOR EXCHANGING HEARTBEAT MESSAGES ANDCONFIGURATION INFORMATION BETWEEN NODES OPERATING IN A MASTER-SLAVECONFIGURATION”; application Ser. No. 10/131,275, filed even dateherewith, entitled “METHOD AND APPARATUS FOR CONFIGURING NODES ASMASTERS OR SLAVES”; application Ser. No. 10/131,274, filed even dateherewith, entitled “METHOD AND APPARATUS FOR TERMINATING APPLICATIONS INA HIGH-AVAILABILITY NETWORK”; application Ser. No. 10/131,793, filedeven date herewith, entitled “VIRTUAL SCSI BUS FOR SCSI-BASED STORAGEAREA NETWORK”; application Ser. No. 10/131,782, filed even dateherewith, entitled “VIRTUAL MAC ADDRESS SYSTEM AND METHOD”; applicationSer. No. 10/128,655, filed even date herewith, entitled “SYSTEM ANDMETHOD FOR CONFIGURING FIBRE-CHANNEL DEVICES”; application Ser. No.10/131,789, filed even date herewith, entitled “METHOD AND APPARATUS FORASSOCIATING AN IP ADDRESS AND INTERFACE TO A SCSI ROUTING INSTANCE”;application Ser. No. 10/128,657, filed even date herewith, entitled“METHOD AND APPARATUS FOR EXCHANGING CONFIGURATION INFORMATION BETWEENNODES OPERATING IN A MASTER-SLAVE CONFIGURATION”; and application Ser.No. 10/128,993, filed even date herewith, entitled “SESSION-BASEDTARGET/LUN MAPPING FOR A STORAGE AREA NETWORK AND ASSOCIATED METHOD”,all of the above of which are hereby incorporated by reference in theirentirety.

FIELD OF THE INVENTION

This invention relates generally to data storage, and more particularlyto a system and method for making SCSI-based devices accessible across anetwork

BACKGROUND OF THE INVENTION

As electronic business (ebusiness) grows, so does the need for betterways to share and manage large amounts of data. The amount of datastorage required by today's ebusinesses is staggering. A good example ofthis is mail.com, which grew to 60 terabytes of storage in just 45 days.

Today almost all client access to large scale storage is accomplished bysending requests through general-purpose servers that connect an IPnetwork (e.g., LAN or WAN) to the storage network (e.g., a Storage AreaNetworks (SAN)). Storage Area Networks provide access to large amountsof data storage.

SANs, however, are complex systems. A recent Enterprise ManagementAssociates (EMA) study of 187 IT professionals stated, however, thatonly 20% of customers had installed SANs by the end of 1999.46% of therespondents in that survey said they had no plans to install a SAN. Thetop four reasons for delaying or for deciding not to install a SAN were:high implementation costs, lack of qualified staff, technologyimmaturity, and lack of standards. Furthermore, although SANs typicallyare very good at connecting native storage resources, they aredistance-limited and have no knowledge of IP and its priorities.

Often, customers outsource their storage to a SSP provider who willmanage their storage needs for a pre-determined fee. A typicalapplication would use a distributed Fibre-Channel (FC) network toconnect an IP network to FC devices located at either a local or aremote site. In this example, the SSP provides the entire storageinfrastructure on the customers premises. While FC has numerousadvantages, it lacks network management tools and is significantlyhigher priced than comparable Ethernet products. Most importantly, dueto lack of network security, the SSP must create a separate Storage AreaNetwork for each customer at the SSP to separate data from multiplecustomers.

For the reasons stated above, and for other reasons stated below whichwill become apparent to those skilled in the art upon reading andunderstanding the present specification, there is a need in the art fora system and method for accessing SANs over an IP network in a moreintegrated fashion.

SUMMARY OF THE INVENTION

The above-mentioned shortcomings, disadvantages and problems areaddressed by the present invention, which will be understood by readingand studying the following specification.

According to one aspect of the present invention, a system and method isdescribed for accessing SANs over an IP network. A SCSI request isgenerated and encapsulated in one or more IP packets. The encapsulatedSCSI request is routed over an IP network and received by a storagerouter. The storage router extracts the SCSI request from the one ormore IP packets and routes the extracted SCSI request through a virtualSCSI router to the storage area network.

According to another aspect of the present invention, a storage routerincludes a management module having a management interface, an IPnetwork interface, a SCSI network interface for connecting to a networkrunning a SCSI protocol and a SCSI router. The management interfacereceives commands and wherein the management module configures thestorage router as a function of the received commands. The SCSI routerreceives encapsulated SCSI packets from the IP network interface,extracts the SCSI packet from the encapsulated SCSI packet and forwardsthe SCSI packet to the SCSI network interface.

According to yet another aspect of the present invention, a storagerouter includes a management module having a management interface, an IPnetwork interface, a SCSI network interface for connecting to a networkrunning a SCSI protocol and a plurality of virtual SCSI routers. Themanagement interface receives commands and wherein the management moduleconfigures the storage router as a function of the received commands.Each virtual SCSI router receives encapsulated SCSI packets from the IPnetwork interface, extracts the SCSI packet from the encapsulated SCSIpacket and forwards the SCSI packet to the SCSI network interface.

According to yet another aspect of the present invention, a computersystem includes an IP network, a computer and a storage router. Thestorage router includes an IP network interface, a SCSI networkinterface for connecting to a network running a SCSI protocol and avirtual SCSI router. The virtual SCSI router receives encapsulated SCSIpackets from the IP network interface, extracts the SCSI packet from theencapsulated SCSI packet and forwards the SCSI packet to the SCSInetwork interface.

According to yet another aspect of the present invention, a storagerouter system includes a plurality of storage routers. Each storagerouter includes a management module having a management interface, an IPnetwork interface, a SCSI network interface for connecting to a networkrunning a SCSI protocol and a virtual SCSI router. The managementinterface includes a high availability interface and the managementinterface receives commands and configures the storage router as afunction of the received commands. Each SCSI router receivesencapsulated SCSI packets from the IP network interface, extracts theSCSI packet from the encapsulated SCSI packet and forwards the SCSIpacket to the SCSI network interface. The high availability interface ofeach storage router is communicatively connected to the highavailability interface of each of the other storage routers.

The present invention describes systems, methods, and computer-readablemedia of varying scope. In addition to the aspects and advantages of thepresent invention described in this summary, further aspects andadvantages of the invention will become apparent by reference to thedrawings and by reading the detailed description that follows.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a SCSI-based storage system according tothe present invention;

FIG. 2 shows a hardware block diagram of one embodiment of storagerouter 110;

FIG. 3 is a function block diagram of an exemplary system 100 havingstorage router 110;

FIG. 4 is a block diagram representing the concept of storage mappingand access control;

FIG. 5 is a block diagram of internal functions of storage router 110;

FIG. 6 shows an exemplary storage-router cluster 300 showing SCSIrouting;

FIG. 7 shows the headers added to the iSCSI and to the fibre-channelcommands and data;

FIG. 8 is a block diagram of a SAN 100 showing naming and mapping;

FIG. 9 is a block diagram of a SAN 100 showing SCSI encapsulation;

FIG. 10 is a block diagram of a SAN 100 showing naming and mapping;

FIG. 11 shows a block diagram of a sample storage-router network 200;and

FIG. 12 illustrates a device database which could be used in the presentinvention.

DETAILED DESCRIPTION OF THE INVENTION

In the following detailed description of the preferred embodiments,reference is made to the accompanying drawings which form a part hereof,and in which is shown by way of illustration specific embodiments inwhich the invention may be practiced. It is to be understood that otherembodiments may be utilized and structural changes may be made withoutdeparting from the scope of the present invention.

Some portions of the detailed descriptions which follow are presented interms of algorithms and symbolic representations of operations on databits within a computer memory. These algorithmic descriptions andrepresentations are the ways used by those skilled in the dataprocessing arts to most effectively convey the substance of their workto others skilled in the art. An algorithm is here, and generally,conceived to be a self-consistent sequence of steps leading to a desiredresult. The steps are those requiring physical manipulations of physicalquantities. Usually, though not necessarily, these quantities take theform of electrical or magnetic signals capable of being stored,transferred, combined, compared, and otherwise manipulated. It hasproven convenient at times, principally for reasons of common usage, torefer to these signals as bits, values, elements, symbols, characters,terms, numbers, or the like. It should be borne in mind, however, thatall of these and similar terms are to be associated with the appropriatephysical quantities and are merely convenient labels applied to thesequantities. Unless specifically stated otherwise, terms such as

processing

or

computing

or

calculating

or

determining

or

displaying

or the like, refer to the actions and processes of a computer system, orsimilar computing device, to manipulate and transform data. Unlessspecifically stated otherwise, the data being manipulated is stored asphysical (e.g., electronic) representations within computer systemregisters and memories, or within other information storage,transmission or display devices. The following detailed description is,therefore, not to be taken in a limiting sense, and the scope of thepresent invention is defined only by the appended claims.

A SCSI-based storage system is shown in FIG. 1. The Small ComputerSystems Interface (SCSI) is a popular family of protocols forcommunicating with I/O devices, especially storage devices. In system100 of FIG. 1, one or more servers 127, 128 access a storage network 139via an IP network 129. A server issues a SCSI request and encapsulatesthe SCSI request in one or more IP packets. The encapsulated SCSIrequest is routed across IP network 129 to a storage router 110, wherethe SCSI request is extracted from the one or more IP packets. Theextracted SCSI request is then routed through storage network 139 to astorage device 140. The server, therefore, can access storage device 140as if it were directly attached to the storage device.

As is shown in FIG. 1, in one embodiment, system 100 can be viewed asperforming three distinct actions for each request 101. First, SCSIrequests are transported over an IP network. Second, SCSI requests arerouted through storage router 110 to storage network 139. Finally, theSCSI request is transported across storage network 139 to a SCSI device140.

Similarly, as is shown in the embodiment in FIG. 1, system 100 can beviewed as performing three distinct actions for each response. First,SCSI responses are transported from SCSI device 140 across storagenetwork 139. Second, SCSI responses are routed through storage router110 to IP network 129. Finally, the SCSI response is transported acrossIP network 129 to one of the servers 127, 128.

In one embodiment, a driver in each server 127, 128 is used toencapsulate SCSI commands into one or more IP packets. Such anembodiment is shown in FIG. 9. In the embodiment shown in FIG. 9, thedriver implements the iSCSI specification. The iSCSI protocol is atransport protocol for SCSI that operates on top of TCP. It is describedin “draft-ietf-ips-iSCSI-12.txt” on the Internet Engineering Task Forceweb site.

The iSCSI protocol aims to be fully compliant with the requirements laidout in the SCSI Architecture Model-2 (SAM2) document. The iSCSI protocolis a mapping of the SCSI remote procedure invocation model (see the SAMdocument)) over the TCP protocol. SCSI commands are carried by iSCSIrequests and SCSI responses and status are carried by iSCSI responses.iSCSI also uses the request response mechanism for iSCSI protocolmechanisms.

Returning to FIG. 9, an end user initiates a request for data fromcomputer 132. Computer 132 sends the request via one or more IP packets131 to server 128. Server 128 creates one or more SCSI block requestsbased on the file request received from computer 132, encapsulates theSCSI block requests within IP packets 133 and sends the encapsulatedpackets 133 across IP network 129 to storage router 110. Storage router110 extracts the SCSI block requests and sends the requests acrossstorage network 139 to storage device 140. In the embodiment shown,storage network 139 is a Fibre-Channel (FC) network and the SCSI blockrequests are sent across storage network 139 as Fibre-Channel packets135.

One embodiment of storage router 110 is shown in FIG. 2. Storage router110 of FIG. 2 includes a processor 170, which runs the storage router110 software, a Gigabit Ethernet interface 106, which providesconnection to IP network 129 for access by servers 127, 128 and a FibreChannel interface 104, which provides connection to storage network 139for access to storage devices 140.

In the embodiment shown in FIG. 2, storage router 110 also includes aHigh Availability (HA) interface 148, which provides a physicalconnection for high availability communication with another storagerouter 110 and management interfaces 158 and 168, which provideconnections for managing storage router 110. As shown in FIG. 2, HAinterface 148 includes a 10/100 Ethernet interface. HA interface 148will be described in more detail below.

In the embodiment shown in FIG. 2, the management interfaces include anRS-232 interface 168 for local console connection and a 10/100 Ethernetinterface 158 for local or network connection.

In one such embodiment, processor 170 is implemented as a 750PowerPCmicroprocessor 171 running at 500 MHz and having 512 KB of local L2cache 172. Microprocessor 171 connects through bus 176 to a 64-bit,66-MHz PCI bridge 173 that controls 128 MB to 1 GB of SDRAM 174. Bridge173 also controls interfaces 148,158 and 168 and a PCI bus 177.

In the embodiment shown in FIG. 2, router 110 is implemented in a 1Urack-mountable chassis (not shown). The chassis is powered by a 70 wattpower supply 178 and cooled by fan 179. In one such embodiment,interface 104 to IP network 129 is a Gigabit Ethernet card using Intel82543GC-type hardware at a first PCI interface site. Interface 106 is aFibre-Channel card using Qlogic ISP2200-type hardware at a second PCIinterface site (for a Fibre-Channel interface). In another embodiment,interface 106 is a parallel SCSI card using Qlogic 1100-type hardware ata second PCI interface site (for a parallel SCSI interface).

In one embodiment, a 32 MB FLASH-type non-volatile storage 175 isprovided to store the software that is loaded into processor 170.

The storage router 110 software provides SCSI routing between serversand the storage devices. In one embodiment, the software includes acommand line interface (CLI) and web-based graphical user interface(GUI) for operation, configuration and administration, maintenance, andsupport tasks of storage router 110 from a terminal connected to one orboth of the management ports 158 and/or 168.

Another embodiment of a SCSI-based storage system 100 is shown in FIG.3. In the system shown in FIG. 3, system 100 includes computers (127,128) connected through an IP network 139 to storage router 110. Storagerouter 110 is connected in turn through storage network 130 to one ormore SCSI devices 140. In the embodiment shown in FIG. 3, storage router110 includes an iSCSI interface 104, a SCSI router 105 and a SCSIinterface 106. iSCSI interface 104 receives encapsulated SCSI packetsfrom IP network 129, extracts the SCSI packet and send the SCSI packetto SCSI router 105. SCSI interface 106 modifies the SCSI packet toconform with its network protocol (e.g., Fibre Channel, parallel SCSI,or iSCSI) and places the modified SCSI packet onto storage network 130.The SCSI packet is then delivered to its designated SCSI device 140.

In one embodiment, computers 127–128 formulate storage commands as if totheir own iSCSI devices (with target and LUN addresses (or names)). Thecommands are placed in IP packets that are passed over IP network 129(for example, a GbE network) and are received by iSCSI interface 104which strips off TCP/IP headers. SCSI router 105 then maps the logicaliSCSI targets or target/LUN combinations to SCSI addresses used onstorage network 139. Interface 106, which in some embodiments is a FiberChannel interface, and in other embodiments is a parallel SCSI interface(or even another iSCSI interface), then packages the commands and/ordata (for example, adding FCP headers and FC headers for informationgoing to an FC network 139) and sends it to one of the storage devices140.

In some embodiments, each server 127,128 that requires IP access tostorage 140 via the storage router 110 must have an iSCSI driver, suchas the Cisco Storage Networking iSCSI driver, installed. One suchembodiment is shown in FIG. 10, where an iSCSI driver 181 is insertedbetween the SCSI generic application 183 and the transport layer 185.Using the iSCSI protocol, iSCSI driver 181 allows a server 128 togenerate SCSI requests and responses and transport them over an IPnetwork 129. From the perspective of a server's operating system, theiSCSI driver appears to be a SCSI or Fibre Channel driver for aperipheral channel in the server 128.

As noted above, one disadvantage of systems for accessing SANs over IPnetworks is the lack of security. In contrast, security in system 100takes advantage of the many mechanisms available for security servicesin IP networks. With existing SAN security, SSPs often have to allocateseparate storage resources to each customer. In addition, the SSP has toworry about the segregation and privacy of the customer's data as itcrosses the SSP's shared fiber optic infrastructure. Concepts likevirtual private networks, encryption, authentication, and access controldo not exist in SANs. All of these concepts, however, are present in IPnetworks. By encapsulating SCSI over IP, the years of development ofsecurity in IP networks becomes instantly available to storage networksand to the storage service providers, allowing them to ensure accesscontrol to storage and the privacy of data on their sharedinfrastructure.

As noted above, today almost all client access to storage isaccomplished by sending the requests through general-purpose serversthat connect that the IP networks (LAN, WAN, etc.) to the storagenetworks (SAN). With storage router 110, and a SCSI/IP driver in theclient, the general-purpose server is unnecessary. Eliminating thisserver allows for the rapid growth of storage service providers,companies who want to storage access across the Internet and largeenterprise customers who want to allocate storage resources based onapplication, by department or by division.

In one embodiment, storage router 110 provides IPv4 router functionalitybetween a single Gigabit Ethernet and a Fibre Channel interface. In onesuch embodiment, static routes are supported. In addition, storagerouter 110 supports a configurable MTU size for each interface, and hasthe ability to reassemble and refragment IP packets based on the MTU ofthe destination interface.

In one embodiment, storage router 110 acts as a gateway, converting SCSIprotocol between Fibre Channel and TCP/IP. Storage router 110 isconfigured in such an embodiment to present Fibre Channel devices asiSCSI targets, providing the ability for clients on the IP network todirectly access storage devices.

As noted above, today almost all client access to storage isaccomplished by sending the requests through general-purpose serversthat connect that the IP networks (LAN, WAN, etc.) to the storagenetworks (SAN). With storage router 110, and a SCSI/IP driver in theclient, the general-purpose server is unnecessary. Eliminating thisserver allows for the rapid growth of storage service providers,companies who want to storage access across the Internet and largeenterprise customers who want to allocate storage resources based onapplication, by department or by division.

The SCSI Router

In one embodiment, SCSI routing occurs in the Storage Router 110 throughthe mapping of physical storage devices to iSCSI targets. An iSCSItarget (also called logical target) is an arbitrary name for a group ofphysical storage devices. You can map an iSCSI target to multiplephysical devices. An iSCSI target always contains at least one LogicalUnit Number (LUN). Each LUN on an iSCSI target is mapped to a single LUNon a physical storage target.

In one such embodiment, you can choose either of two types of storagemapping: target-and-LUN mapping or target-only mapping. Target-and-LUNmapping maps an iSCSI target and LUN combination to a physical storagetarget and LUN combination. Target-only mapping maps an iSCSI target toa physical storage target and its LUNs.

With target-and-LUN mapping, an iSCSI target name and iSCSI LUN numberare specified and mapped to the physical storage address of one LUN.This mapping can take the form of a Loop ID+LUN combination, a WWPN+LUNcombination, or a WWNN. If the LUN is available, it is made available asan iSCSI LUN and numbered with the iSCSI LUN number specified.

For example, if an iSCSI target and iSCSI LUN specified as Database, LUN9 were mapped to the physical storage address, Loop ID 070, LUN 12, thenLUN 127, 128 of the device identified as Loop ID 070 would be availableas one iSCSI LUN. An iSCSI driver would see the iSCSI target namedDatabase, with one iSCSI LUN identified as LUN 9. The iSCSI LUN wouldappear as one storage device to a server. (See Table 1 below.)

TABLE 1 Target-and-LUN Mapping Example Apparent to iSCSI PhysicalPhysical Server in Target iSCSI LUN Storage LUN Device File NameAvailable Address Available /dev/sdb2 Database LUN 9 Loop ID 070 LUN 12Apparent as Database iSCSI LUN is Specifies the The LUN one locallyappears as numbered as storage number is attached one specified andaddress of a specified as storage device. controller can be storage theonly (Linux device with one different than controller. LUN to be fileused as LUN the physical mapped. an example.) available. LUN number.

With target-only mapping, an iSCSI target name is specified and mappedto the physical storage address of a storage controller only. Thismapping can take the form of a; either a Loop ID or WWPN. Any LUNs thatare available in the storage controller are made available as iSCSI LUNsand are numbered the same as the LUNs in the storage controller.

For example, if an iSCSI target specified as Webserver200 were mapped tothe physical storage address Loop ID 050, and LUNs 1 through 3 wereavailable in that controller, those LUNs would become available as threeiSCSI LUNs. An iSCSI driver would see the iSCSI target namedWebserver2000 as a controller with three iSCSI LUNs identified as LUN 1,LUN 2, and LUN 3. Each iSCSI LUN would appear as a separate storagedevice to a server. (See Table 2 below.)

TABLE 2 Target-only Mapping Example Apparent to iSCSI Physical PhysicalServer in iSCSI Target LUNs Storage LUNs Device File Name AvailableAddress Available /dev/sdb1 Webserver200 LUN 1 Loop ID LUN 1 050/dev/sde1 Webserver200 LUN 2 Loop ID LUN 2 050 /dev/sdf1 Webserver200LUN 3 Loop ID LUN 3 050 Apparent as Webserver200 iSCSI LUNs SpecifiesLUNs 1, three locally appears as one are the storage 2, and 3 attachedstorage controller. numbered address of are devices. (Linux LUNs 1, 2,the same as a storage available device file used and 3 are physicalcontroller. for as an example.) available. LUNs. mapping.

Access for SCSI routing is controlled in computers 127, 128 and instorage router 110. In computer 127, for instance, the IP address ofeach storage router 110 with which computer 127 is to transport SCSIrequests and responses is configured in the iSCSI driver. In storagerouter 110, an access list identifies which computers 127, 128 canaccess storage devices attached to it.

Once the access is configured in computers 127, 128 and in storagerouter 110, and once the storage mapping is configured in storage router110, storage router 110 routes SCSI requests and responses betweenservers 127, 128 and the mapped storage devices 140. The concept ofstorage mapping and access control is illustrated in FIG. 4.

In FIG. 4, Storage Router 18 provides three servers (127, 128) with IPaccess to disk drives controlled by four disk controllers 340. An iSCSIdriver 181 in each server (127, 128) is configured to access storagerouter 110 at IP address 10.1.2.3. An access list 322 in storage router110 specifies that servers A, B, and C are allowed to access the mappedstorage devices. From the perspective of a server, each disk drivemapped to it appears as a locally attached disk drive. Table 3 shows thecorrelation between access list 322, the storage router IP address, andthe storage device mapping.

TABLE 3 Storage Mapping and Access Control Concept Servers StorageDevices Allowed Apparent to Server Via Storage Mapped Mapped Access viaas Locally Attached Router IP To To Access List Devices AddressController Drive Server A Drive D 10.1.2.3 1 1 Drive E 10.1.2.3 1 2Drive F 10.1.2.3 1 3 Drive G 10.1.2.3 2 1 Drive H 10.1.2.3 2 2 Drive I10.1.2.3 2 3 Server B Drive D 10.1.2.3 3 1 Drive E 10.1.2.3 3 2 Server CDrive D 10.1.2.3 4 1 Drive E 10.1.2.3 4 2 Drive F 10.1.2.3 4 3 Drive G10.1.2.3 3 3

The system 100 illustrated in FIG. 4, and the contents of Table 3 above,illustrate the concept of storage mapping and access control. The IPaddresses will vary, of course, according to each system 100. Similarly,the type of storage addressing (for example, WWNN, WWPN and LUN, or LoopID and LUN) will vary according to the types of storage and the types ofstorage addressing preferred at each site.

In the example shown in FIG. 4, the three servers (labeled Server A,Server B, and Server C) package storage commands into IP packetsaddressed to a storage router 110 having IP address 10.1.2.3. Storagerouter 110 extracts the iSCSI commands from the IP packet(s) and mapsthe storage addresses from those provided by the servers 127, 128 tothose used by the four disk controllers 340. As noted above, driver 181in each server 127–128 is configured to access the storage router at IPaddress “10.1.2.3”. An access list 322 (see FIG. 5) in the storagerouter 110 specifies the storage devices 140 that can be accessed byserves A, B, and C. From the perspective of each server, each disk drivemapped to it appears as a locally attached disk drive. FIG. 4 isdiscussed in more detail below.

FIG. 5 is a block diagram of internal functions of storage router 110.In each computer 127, 128, a iSCSI server driver 181 is set up with theIP address of storage router 110 (i.e., the address of GbE interface104). Each SCSI router session or instance 105 has an access list 322,which checks the requests raved against those that are allowed, i.e.,the access list specified IP addresses of those servers that are allowedaccess to a common set or storage resources 140. In one embodiment, eachSCSI router session specifies the server interface, the IP address ofthe server interface; the iSCSI targets, the mapping to the physicalstorage and the device interface. The server interface is the serverinterface that the SCSI router session will use to communicate with theservers 127, 128. The iSCSI targets are identified by iSCSI target nameand LUN. The mapping to the physical storage addresses is by controllerand/or LUN. The device interface specifies the storage interface thatthe SCSI routing services will use to access storage 140.

An example of iSCSI routing according to the present invention isillustrated in FIG. 8. In the example given in FIG. 8, an access list322 consists of a list of the IP addresses of servers 127 that will havepermission to access storage devices 140 via iSCSI target names. In oneembodiment, Table 4 is used to create access list 322.

TABLE 4 Command Description Step 1 enable Enter Administrator mode. Step2 create accesslist Create an access list; for example, create aegis anaccess list named aegis. Step 3 add accesslist Add IP addresses to theaccess list. For aegis 10.2.0.23/32, example, add the following IPaddresses to 10.3.0.36/32, the access list named aegis: 10.2.0.23,10.4.0.49/32 10.3.0.36, and 10.4.0.49. Set the network mask for each IPaddress to 255.255.255. 255 to limit the access to each IP address.

Creating SCSI routing services consists of creating and naming a baseset of SCSI routing services. Table 5 illustrates one method of creatingSCSI routing services.

TABLE 5 Command Description Step 1 enable Enter Administrator mode. Step2 create scsirouter Create a SCSI routing service zeus instance namedzeus.

In one embodiment, it is possible to define up to four instances on asingle storage router 110 or across a cluster of routers 110.

Configuring a server interface consists of identifying which SCSIrouting service instances to add to the server interface, identifyingthe server interface name, and assigning an IP address to the serverinterface. Table 6 illustrates one method of configuring a serverinterface for an instance of SCSI routing services.

TABLE 6 Command Description Step 1 enable Enter Administrator mode. Step2 add scsirouter Add server interface to SCSI routing services zeusserverif ge2 name zeus. Specify an IP address that servers 10.1.0.45/24will use to access the SCSI routing services, zeus. In addition, set theIP netmask to 255.255.255.0.

Configuring a device interface consists of specifying which SCSI routingservice instances to add to the device interface and the deviceinterface name and topology. Table 7 illustrates one method ofconfiguring a device interface for an instance of SCSI routing services.

TABLE 7 Command Description Step 1 enable Enter Administrator mode. Step2 add scsirouter Add device interface to SCSI routing zeus deviceifservices named zeus. This will be the fc1 interface in the storagerouter that the SCSI routing services will use to access physicalstorage devices. Step 3 set interface Set the device interface topology.The device fc1 topology interface is configured to attempt link loopactivation in a point-to-point topology, by or default. Ifpoint-to-point is not successful, a set interface loop topology isassumed. fc1 topology If the storage devices are all connected to a ptphub with the intention of running in an arbitrated loop, change thedevice interface topology to loop, as shown in the first example. If thestorage devices are all connected in a point-to-point topology, changethe device interface topology to ptp, as shown in the second example.Step 4 save all Save your configuration before rebooting the storagerouter. Step 5 reboot Reboot the storage router. A reboot is necessaryto make the new interface topology selection effective.

Once the device interface is added, the SCSI routing service instancebecomes active.

Configuring iSCSI targets 140 consists of specifying the SCSI routingservices to which the iSCSI target is to be added, specifying an iSCSItarget, and mapping the iSCSI target to a physical storage device 140.When adding an iSCSI target, you can specify the physical storage device140 either by physical storage address or by an index number assigned tothe device. Some representative addressing modes are shown in FIG. 8 foreach device 140.

High Availability Applications

One can configure a plurality of storage routers 100 in a cluster 300 toallow the storage routers 110 to back each other up in case of failure.A storage router cluster 300 includes, in some embodiments, twoconfigured storage routers 110 connected as follows:

Both connected to the same servers 127, 128,

Both connected to the same storage systems 340, and

Both connected to each other through their management and highavailability interfaces. In other embodiments, more than two storagerouters 110 are used.

In one embodiment, storage routers 110 within a cluster 300 continuallyexchange HA information to propagate configuration data to each otherand to detect failures in the cluster. In one such embodiment (such asis shown in FIG. 11), storage routers 110 exchange HA informationthrough two separate networks: one connected to the management interface158 of each storage router 110 and the other connected to the highavailability interface 148 of each storage router 110. To make sure thatHA information is exchanged reliably between storage routers 110, in oneembodiment, storage routers 110 balance the transmission of HAinformation between the management and the high availability interfaces.In one such embodiment, configuration information is exchanged in themanner described in “METHOD AND APPARATUS FOR EXCHANGING CONFIGURATIONINFORMATION BETWEEN NODES OPERATING IN A MASTER-SLAVE CONFIGURATION,”U.S. patent application Ser. No. 10/128,657, filed herewith, thedescription of which is incorporated herein by reference.

In one embodiment, each cluster 300 supports up to four active SCSIrouting service instances. ID one such embodiment, at any given time, aSCSI routing service instance can run on only one storage router 110 ina cluster 300. The SCSI routing service instance continues running onthe storage router 110 where it was started until it is explicitlystopped or failed over to another storage router 110 in the cluster 300,or automatically fails over to another storage router 110 because aninterface is unavailable or another software or hardware problem occurs.

In one embodiment, cach storage router 110 in cluster 300 can run up tofour SCSI routing service instances. For example, if one storage routeris already running two SCSI routing service instances, it is eligible torun up to two additional SCSI routing service instances.

One example of configuring management parameters within router 110 isgiven in Table 8. In the example provided in Table 8, configuringmanagement parameters includes tasks such as setting the system name, IPaddress and mask, gateway, and DNS servers

TABLE 8 Command Description Step 1 enable Enter Administrator mode. Step2 set systemname Configure a name for the management SN_5420-MG1interface. Step 3 set mgmt Configure the management interface withipaddress an IP address and subnet mask. 10.1.10.244/24 Note If thisstorage router is to participate in a cluster, the management interfacefor all storage routers in the cluster should be on the same network.Step 4 add route (Optional) Configure a gateway IP address 10.1.30.0/24gw if the storage router is to be managed from 10.1.10.201 a managementstation outside the storage router management subnet. The gateway (gwkeyword) IP address specifies a gateway on the storage router managementnetwork that will provide access to a management station. Note In thisconfiguration example, the mask is set to 24 (255.255.255.0) to allowany host on subnet 10.1.30.0 to be a management station. Step 5 setnameserver (Optional) Set the primary DNS IP 10.1.40.243 address.Specifies the IP address of the domain primary DNS server if themanagement mystoragenet.com interface IP address is to be correlatedwith a DNS host name. Optionally, specify the domain name of the storagerouter. Step 6 add route (Optional) Configure a gateway IP address10.1.40.243/32 gw if the primary DNS server is outside 10.1.10.201 thestorage router management subnet. The gateway (gw keyword) IP addressspecifies a gateway on the storage router management network that willprovide access to a primary DNS server. Note In this configurationexample, the mask is set to 32 (255.255.255.255) to specify the hostwith IP address 10.1.40.243 (the primary DNS server). Step 7 set(Optional) Set the secondary DNS IP secnameserver address. Specifies theIP address of 10.1.50.249 the secondary DNS server. Step 8 add route(Optional) Configure a gateway IP address 10.1.50.249/32 gw if thesecondary DNS server is outside the 10.1.10.201 storage routermanagement subnet. The gateway (gw keyword) IP address specifies agateway on the storage router management network that will provideaccess to a secondary DNS server. Note In this configuration example,the mask is set to 32 (255.255.255.255) to specify the host with IPaddress 10.1.50.249 (the secondary DNS server).

One example of configuring network management access within router 110is given in Table 9. In the example provided in Table 9, configuringnetwork management access consists of tasks for SNMP.

TABLE 9 Command Description Step 1 enable Enter Administrator mode. Step2 set snmp Specify the name of the community getcommunity public havingread access of the storage router network; that is, to which community'sGET commands the storage router will respond. Step 3 set snmp Specifythe name of the community setcommunity having write access to thestorage router mynetmanagers network; that is, to which community's SETcommands the storage router will respond. Step 4 set snmp traphostsSpecify the primary address for primary 10.1.30.17 SNMPv1 TRAPs and(optionally) secondary 10.1.30.18 specify the secondary address forSNMPv1 TRAPs. Note In this configuration example, the trap hosts have IPaddresses that are outside the storage router management subnet. In anearlier step (see Table 8)), a gateway was specified providing access tohosts on the 10.1.30.0 subnet.

When the storage router 110 is part of a storage router cluster 300, youwill need to configure the high availability (HA) interface. In oneembodiment, Table 10 can be used to configure the HA interfaceparameters.

TABLE 10 Command Description Step 1 enable Enter Administrator mode.Step 2 set ha Configure the HA interface with an IP address ipaddressand subnet mask. 10.1.20.56/24 Note The HA and management interfacesmust not be on the same network; each interface must be on a unique IPnetwork. In a cluster, the HA interfaces for all storage routers shouldbe on the same network. Step 3 save system Save system parameters. Step4 set cluster Set the cluster name in which the storage routerMt_Olympus is to participate. Follow the prompts from this command toeither merge or delete the storage router configuration. Merging meansthat the configuration of this storage router (including SCSI routingservices) is propagated to other storage routers in the named cluster.Deleting means that the existing configuration (including SCSI routingservices) will be deleted from the storage router. If you are joining anexisting cluster, any access lists that you have previously defined willbe overwritten by the access lists available to the cluster. This occursregardless of your decision to merge or delete configurationinformation. If you wish to make your current access lists available tothe cluster, you must save them to a file before joining the cluster,then restore them.

In one embodiment, completing step 4 in Table 10 will cause the storagerouter 110 to reboot.

In one embodiment, one of the storage routers 110 operates in mastermode and another operates in slave mode within cluster 300. In one suchembodiment, each router 110 is able to handle multiple applicationinstances. Each router 110 has at least one state machine in the NullState at all times, and that state machine is waiting to discover newapplication instances within the other nodes of the network. This statemachine is referred to as an “idle state machine,” indicating that it isidling until a new application instance is discovered. Such an approachis described in application Ser. No. 10/122,401, filed Apr. 11, 2002,entitled “METHOD AND APPARATUS FOR SUPPORTING COMMUNICATIONS BETWEENNODES OPERATING IN A MASTER-SLAVE CONFIGURATION”, which is acontinuation of application Ser. No. 09/9.49,182, filed Sep. 7, 2001,entitled “METHOD AND APPARATUS FOR SUPPORTING COMMUNICATIONS BETWEENNODES OPERATING IN A MASTER-SLAVE CONFIGURATION”, the description ofwhich is incorporated herein by reference.

In one such embodiment, each of the storage routers 110 exchangesheartbeat information. Such an approach is described in application Ser.No. 10/094,552, filed Mar. 7, 2002, entitled “METHOD AND APPARATUS FOREXCHANGING HEARTBEAT MESSAGES AND CONFIGURATION INFORMATION BETWEENNODES OPERATING IN A MASTER-SLAVE CONFIGURATION”.

The inclusion of the idle state machine in this embodiment provides anadvantage over previous approaches. Previous approaches assume that onlyone type of application instance exists within the node and within theother networked nodes (i.e., a time synchronization application).Accordingly, these approaches promptly enters either the master state orslave state upon initiation of the application, and only one master orslave state machine is maintained by a router 110 at any one time. Thatapproach, therefore, is incapable of managing multiple applicationinstances on the nodes, or listening for new application instances onthe network.

In contrast, this approach described above always has one or more statemachines in the Null State, and so it can provide a new state machinewhenever a new application instance is started in router 110 or isdiscovered in another router 110 through the receipt of a MasterAck orHeartbeat message from that other router 110.

In addition, high-availability is enhanced in storage router 110 byproviding multiple pathways between storage routers 110 (such as isshown in networks 302 and 306 in FIG. 11. In addition, in oneembodiment, high availability traffic is shared across network 129 aswell.

Application Ser. No. 10/131,275, filed even date herewith, entitled“METHOD AND APPARATUS FOR CONFIGURING NODES AS MASTERS OR SLAVES” andapplication Ser. No. 10/131,274, filed even date herewith, entitled“METHOD AND APPARATUS FOR TERMINATING APPLICATIONS IN AHIGH-AVAILABILITY NETWORK”, also contain information relevant toconfiguring storage routers 110 within a high availability cluster 300.Their descriptions are incorporated herein by reference.

FIG. 6 illustrates an exemplary storage-router cluster 300. Cluster 300includes a plurality of computers or hosts 127–128 connected on network129 to a plurality of storage routers 110 using GbE connections 118 toGbE interfaces 104. In some embodiments, each GbE interface 104 has ahardware MAC address used to identify IP packets destined for thatparticular GbE interface 104. In some embodiments, this hardware MACaddress is replaced by a MAC address that includes at least a portion ofan IP address used to route packets. A method for generating a MACaddress as a function of the network 129 is described in “VIRTUAL MACADDRESS SYSTEM AND METHOD”, U.S. patent application Ser. No. 10/131,782,filed herewith, the description of which is incorporated herein byreference.

In one embodiment, respective sessions are created between a respectivehost (from among hosts 127 through 128) and a particular iSCSI target(from among targets 310 through 311). SCSI routing occurs in storagerouter 110 through the mapping between physical storage devices (or LUNslocated on physical devices) and iSCSI targets (310–311). An iSCSItarget (e.g., 310, also called logical target 310) is an arbitrary nameor value for a group of one or more physical storage devices. One canmap a single iSCSI target to multiple physical devices. An iSCSI targetalways includes or contains at least one Logical Unit Number (LUN). EachLUN on an iSCSI target is mapped to a single LUN on a physical storagetarget.

In one embodiment, SCSI router 105 includes one or more instances 114,one for each iSCSI target 310–311. Each instance 114 uses the respectivemapping 318 to convert the iSCSI address to the physical address used toaccess a particular LUN 141–142. In some embodiments, a configurationmanager application 320 uses one or more access lists 322 to controlaccess to particular LUNs, i.e., to check that the particular sourcecomputer 127–128 has authorization to access the particular LUN 141–142on one particular target 140.

The storage network 149, in some embodiments, is implemented as afibre-channel loop 148 as shown in FIG. 6. In other embodiments, storagenetwork 149 is implemented as a fibre-channel fabric.

In one embodiment, one can choose between two types of storage mapping:target-and-LUN mapping 314 or target-only mapping 312. As describedabove, target-and-LUN mapping 314 maps an iSCSI-target-and-LUNcombination to a physical storage target-and-LUN combination.Target-only mapping maps an iSCSI target to a physical storage targetand its associated LUNs.

In one embodiment, SCSI router 105 includes two or more virtual SCSIrouters 114. Each virtual SCSI router 114 is associated with one or moreIP sessions. Such an embodiment is described in “VIRTUAL SCSI BUS FORSCSI-BASED STORAGE AREA NETWORK”, U.S. patent application Ser. No.10/131,793, filed herewith, the description of which is incorporatedherein by reference.

In one embodiment, each interface 104 performs TCP connection checkingon iSCSI traffic. TCP connection checking is described in “METHOD ANDAPPARATUS FOR ASSOCIATING AN IP ADDRESS AND INTERFACE TO A SCSI ROUTINGINSTANCE”, U.S. patent application Ser. No. 10/131,789, filed herewith,the description of which is incorporated herein by reference.

FIG. 7 shows the headers added to the iSCSI and to the fibre-channelcommands and data. On the host end (computers 127–128) the “write”command 122 and the associated data 121 to be written are embedded intoone or more packets 120, by adding an iSCSI header 123, a TCP header124, an IP header 125, and an ethernet header 126, having the MACaddress of the GbE interface 111 of the destination. These packets arepassed on network 129, and input through connection 118. GbE interface111 processes the packets and removes header 126. TCP/IP interface 112processes the packets and removes headers 125 and 124. iSCSI interface113 processes the packets and removes header 123 and directs one of thesessions 114 (as specified in the iSCSI header) to perform its mappingto a physical storage address used by storage device 140, and thesession 114 processes the mapped packets 130, for example, mapped to afibre channel data structure 130, having a FCP header added by FCPinterface 115 and an FC header added by FC interface 116. In someembodiments, this separates the write command 122 and one or more dataportions 121A–121B having separate FCP headers 133, 135, and 137respectively, and FC headers 134, 136, and 138 respectively.

As noted above, SCSI routing occurs in the Storage Router 110 throughthe mapping of physical storage devices to iSCSI targets. An iSCSItarget (also called a logical target) is an arbitrary name for a groupof physical storage devices. You can map an iSCSI target to multiplephysical devices. An iSCSI target always contains at least one LogicalUnit Number (LUN). Each LUN on an iSCSI target is mapped to a single LUNon a physical storage target.

Configuration module 320 operates to configure various aspects ofstorage router 110, including the mappings described above. In addition,configuration module 320 may be used to configure communications withstorage network 139 and IP network 129.

In some embodiments, the configuration data may be supplied through acommand interpreter. Such a command interpreter is described in “SYSTEMAND METHOD FOR CONFIGURING FIBRE-CHANNEL DEVICES”, U.S. patentapplication Ser. No. 10/131,655, filed herewith, the description ofwhich is incorporated herein by reference.

In one embodiment, the command interpreter is command line based.However, the invention is not limited to any particular form of commandinterpreter, and in alternative embodiments of the invention, thecommand interpreter may include a graphical user interface.

Database 318 includes information regarding devices on the storage areanetwork 139. Database 322 includes one or more access lists as describedabove. In one embodiment, databases 318 and 322 are in-memory databasescomprising one or more structures containing device data. For example,databases 318 and 322 may comprise a table, an array, a linked list ofentries, or any combination thereof. Additionally, databases 318 and 322may comprise one or more files on a file system. Furthermore, either ofdatabases 318 and 322 may comprise a relational database managementsystem. The invention is not limited to any particular database type orcombination of database types. Databases 318 and 322 may exist as two ormore databases. In one embodiment, databases 318 and 322 are combined ina single database.

FIG. 12 provides further details of an exemplary device database 318used in some embodiments of the invention. Exemplary device database 318includes a port database 210 and a LUN database 220. Additionally, someembodiments of the invention include an alternative path database 202.

Port database 210 comprises a set of fields providing information aboutports in a network, including storage area networks. In someembodiments, port database 210 includes one or more entries 212 having aset of fields. In some embodiments, the fields in port database 210include a port index, a port WWPN, and LUN list. The port index uniquelyidentifies an entry in port database 210. In some embodiments, the portindex can be inferred by the position of the entry in the table, andneed not be physically present. The port WWPN field contains dataspecifying the WWPN for the port. The LUN list field contains data thatidentifies the LUNs associated with the port. In some embodiments, theLUN list field is a link (i.e. a pointer) to a linked list of LUNdatabase entries. However, the invention is not limited to anyparticular representation for the LUN list field, and in alternativeembodiments the LUN list field may be a table or array of LUN listentries.

LUN database 220 comprises a set of fields that provide informationabout LUNs in a network. Typically the LUNs will be associated with aport. In some embodiments, the LUN database comprises a linked list ofentries 222. In some embodiments, the fields in port database 220include a LUN field, a WWNN field, and a next LUN link. The LUN fieldcontains data identifying the LUN. The WWNN field contains the WWNNassociated with the LUN. The next LUN field comprises data identifyingthe next LUN in a list of LUNs.

Some embodiments of the invention include an alternative path database202. Alternative path database 202 comprises one or more entries 204that define paths to targets available in a storage network. In someembodiments, the fields in an entry 204 include a target ID, a primaryWWPN, and a secondary WWPN. The target ID identifies a particular targetin a storage area network. The primary WWPN field contains dataidentifying the primary WWPN, that is, the WWPN that the system willattempt to use first when communicating with the target. The secondaryWWPN contains data identifying the secondary WWPN for the target. Thesystem will use the secondary WWPN to communicate with the target if theprimary WWPN is not available.

In some embodiments, a discovery process is used to provide data forsome portions of database 318. The discovery process comprises logic todetermine the devices 140 that are communicably coupled to a storagenetwork 139. Several different events may trigger the discovery process.For example, the discovery process may execute when the system isinitialized, when the system is reset, when a new device is added to thestorage network, or when a device on the storage network changes state.The discover logic may be executed in firmware, or it may be executed insoftware, for example, in a device driver. As those of skill in the artwill appreciate, the discovery process will differ depending on the typeof storage network 139 coupled to storage router 110.

An exemplary discovery process for a fibre-channel based storage networkused in some embodiments of the invention will now be described. In someembodiments, discovery comprises two main steps, port discovery anddevice discovery. Port discovery determines the target and/or initiatorports on the fibre-channel, and device discovery determines the LUNs(Logical Unit Numbers) on each target port.

As is known in the art, fibre-channel networks may exist in a number ofdifferent network topologies. Examples of such network topologiesinclude private loops, public loops, or fabrics. The port discoveryprocess in different embodiments of the invention may vary according tothe network topology.

In loop based topologies, such as private or public loops, someembodiments of the invention, the discovery process acquires a loop map.The loop map is typically created during low-level loop initialization.In some embodiments, the loop map comprises an ALPA (Arbitrated LoopPhysical Address) map. For each port in the loop map, the discoveryprocess populates various fields of the port database. In someembodiments, these fields include the world wide port name (WWPN), theALPA/loopid, and the port role (e.g. target and/or initiator). If theloop is a private loop, the port discovery process is generally completewhen each port in the loop map has been processed. If the loop is apublic loop, port discovery continues with the discovery of devicesconnected to the fabric.

In fabric-based topologies, the discovery process communicates with afabric directory server (also referred to as a name server) and obtainsa list of all devices known to the fabric switch. In some embodiments, aseries of “Get All Next (GA_NXT) extended link service commands areissued to the storage network to obtain the list. The directory serverresponds with the port identifier (portId) and WWPN for the port. Thisdata may then be used to populate various fields of the port database210.

In some embodiments, after port discovery as discovered ports on thestorage network, device discovery identifies devices on each port. Insome embodiments, for each port found during port discovery that is atarget device, a “Report LUNS” SCSI command is issued to LUN 0 on theport. If the device supports the command, the device returns a list ofLUNs on the port. If the device does not support the command, thediscovery process of some embodiments builds a local list of LUNscomprising LUN 0 to LUN 255.

For each LUN in the list, the discovery process issues one or more SCSIinquiry commands. These commands and the returned data include thefollowing:

Standard Inquiry- returns the device type, offline/online flags, vendordata, product data, and version data for the LUN. Device ID Inquiry-Returns the world wide node name (WWNN) of the LUN. Serial NumberInquiry- Returns the serial number for the LUN. The data returned by theabove-described commands is the used to populate corresponding fields inthe LUN database 220.

It should be noted that while the exemplary environment has beendescribed in terms of a storage router, the present invention may beimplemented in any type of network element, including IP routers,switches, hubs and/or gateways.

Applications

Applications of computer system 100 will be discussed next. Forinstance, by using system 100, a Storage Service Provider (SSP) is ableto immediately deploy new storage services at lower costs. Movingstorage over the IP infrastructure also allows the SSP to offercustomers secure (encrypted) access to storage at price points notpossible with today's storage products.

As noted above, customers outsource their storage to a SSP provider whowill manage their storage needs for a pre-determined fee. A typicalapplication would use a distributed Fibre-Channel (FC) network toconnect an IP network to FC devices located at either a local or aremote site. In this example; the SSP provides the entire storageinfrastructure on the customers premises. While Fibre Channel hasnumerous advantages, it lacks network management tools and issignificantly higher priced than comparable Ethernet products. Mostimportantly, due to lack of network security, the SSP must create aseparate Storage Area Networks (SAN) for each customer at the SSP toseparate data from multiple customers.

In contrast, system 100 (as illustrated in FIG. 4) can use one SAN formultiple customers due to the security features (e.g., LUN mapping andmasking) available in system 100. In addition, the use of IP productsthroughout system 100 lowers the total cost of implementation and addsadvantages such as greater ability to scale, improved management toolsand increased security.

In another application, the Application/Internet Service Provider(ASP/ISP) is able to centralize Web server storage using system 100.Centralization using system 100 dramatically lowers the cost of storagefor Web servers and provides a means of backing up real-time data overIP.

Finally, enterprise customers gain significant cost savings in deployingstorage over IP by leveraging their installed IP infrastructure. Asstorage becomes universally accessible using IP, local applications alsowill be able to be shared globally, greatly simplifying the task ofmanaging storage. Mirroring and off-site backup of data over the IPinfrastructure is expected to be an important application.

CONCLUSION

Systems, methods and apparatus to integrate IP network routing and SCSIdata storage have been described. Although specific embodiments havebeen illustrated and described herein, it will be appreciated by thoseof ordinary skill in the art that any arrangement which is calculated toachieve the same purpose may be substituted for the specific embodimentsshown. This application is intended to cover any adaptations orvariations of the present invention. For example, although described inprocedural terms, one of ordinary skill in the art will appreciate thatthe invention can be implemented in an object-oriented designenvironment or any other design environment that provides the requiredrelationships.

In the above discussion and in the attached appendices, the term

computer

is defined to include any digital or analog data processing unit.Examples include any personal computer, workstation, set top box,mainframe, server, supercomputer, laptop or personal digital assistantcapable of embodying the inventions described herein.

Examples of articles comprising computer readable media are floppydisks, hard drives, CD-ROM or DVD media or any other read-write orread-only memory device.

Although specific embodiments have been illustrated and describedherein, it will be appreciated by those of ordinary skill in the artthat any arrangement calculated to achieve the same purpose maybesubstituted for the specific embodiment shown. This application isintended to cover any adaptations or variations of the presentinvention. Therefore, it is intended that this invention be limited onlyby the claims and the equivalents thereof.

1. A storage router, comprising: a management module having a managementinterface, wherein the management interface receives commands andwherein the management module configures the storage router as afunction of the received commands; an IP network interface; a SCSInetwork interface for connecting to a network running a SCSI protocol;and a SCSI router, wherein the SCSI router receives encapsulated SCSIpackets from the IP network interface, extracts the SCSI packet from theencapsulated SCSI packet and forwards the SCSI packet to the SCSInetwork interface, wherein the SCSI router maps physical storage devicesto iSCSI targets.
 2. The storage router of claim 1, wherein the SCSInetwork interface includes a Fibre Channel interface.
 3. The storagerouter of claim 1, wherein the SCSI network interface includes aparallel SCSI interface.
 4. The storage router of claim 1, wherein theSCSI network interface includes an iSCSI interface.
 5. The storagerouter of claim 1, wherein the management module includes a highavailability interface.
 6. The storage router of claim 1, wherein themanagement interface receives commands via the IP network interface. 7.A storage router, comprising: a management module having a managementinterface, wherein the management interface receives commands andwherein the management module configures the storage router as afunction of the received commands; an IP network interface; a SCSInetwork interface for connecting to a network running a SCSI protocol;and a plurality of virtual SCSI routers, wherein each virtual SCSIrouter receives encapsulated SCSI packets from the IP network interface,extracts the SCSI packet from the encapsulated SCSI packet and forwardsthe SCSI packet to the SCSI network interface; wherein each virtual SCSIrouter maps physical storage devices to iSCSI targets.
 8. The storagerouter of claim 7, wherein the SCSI network interface includes a FibreChannel interface.
 9. The storage router of claim 7, wherein the SCSInetwork interface includes a parallel SCSI interface.
 10. The storagerouter of claim 7, wherein the SCSI network interface includes an iSCSIinterface.
 11. The storage router of claim 7, wherein the managementmodule includes a high availability interface.
 12. The storage router ofclaim 7, wherein the management interface receives commands via the IPnetwork interface.
 13. A computer system, comprising: an IP network; acomputer connected to the IP network; a storage router, wherein thestorage router includes: a management module having a managementinterface, wherein the management interface receives commands andwherein the management module configures the storage router as afunction of the received commands; an IP network interface; a SCSInetwork interface for connecting to a network running a SCSI protocol;and a virtual SCSI router, wherein the virtual SCSI router receivesencapsulated SCSI packets from the IP network interface, extracts theSCSI packet from the encapsulated SCSI packet and forwards the SCSIpacket to the SCSI network interface; wherein each virtual SCSI routermaps physical storage devices to iSCSI targets.
 14. The storage routerof claim 13, wherein the SCSI network interface includes a Fibre Channelinterface.
 15. The storage router of claim 13, wherein the SCSI networkinterface includes a parallel SCSI interface.
 16. The storage router ofclaim 13, wherein the SCSI network interface includes an iSCSIinterface.
 17. The storage router of claim 13, wherein the managementmodule includes a high availability interface.
 18. The storage router ofclaim 13, wherein the management interface receives commands via the IPnetwork interface.
 19. A method of accessing data stored on a storagenetwork, comprising: generating a SCSI request; encapsulating the SCSIrequest in one or more IP packets; routing the encapsulated SCSI requestover an IP network; receiving the encapsulated SCSI request; extractingthe SCSI request from the one or more IP packets; and routing the SCSIrequest through a virtual SCSI router to the storage network, whereinrouting includes mapping physical storage devices to iSCSI targets. 20.The method according to claim 19, wherein receiving the encapsulatedSCSI request includes verifying that the encapsulated SCSI request wasreceived at a predefined IP network interface.
 21. A storage routersystem having a plurality of storage routers, wherein each storagerouter comprises: a management module having a management interface,wherein the management interface includes a high availability interfaceand wherein the management interface receives commands and wherein themanagement module configures the storage router as a function of thereceived commands; an IP network interface; a SCSI network interface forconnecting to a network running a SCSI protocol; and a SCSI router,wherein the SCSI router receives encapsulated SCSI packets from the IPnetwork interface, extracts the SCSI packet from the encapsulated SCSIpacket and forwards the SCSI packet to the SCSI network interface;wherein the high availability interface of each storage router iscommunicatively connected to the high availability interface of each ofthe other storage routers; and wherein the SCSI router maps physicalstorage devices to iSCSI targets.
 22. The storage router system of claim21, wherein the SCSI network interface includes a Fibre Channelinterface.
 23. The storage router system of claim 21, wherein the SCSInetwork interface includes a parallel SCSI interface.
 24. The storagerouter system of claim 21, wherein the SCSI network interface includesan iSCSI interface.
 25. The storage router system of claim 21, whereinthe management module includes a high availability interface.
 26. Thestorage router system of claim 21, wherein the management interfacereceives commands via the IP network interface.